Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/LZenj6dFcwlYEqBUHcnk9igxWAg.roa
File:                     LZenj6dFcwlYEqBUHcnk9igxWAg.roa (raw, json)
Hash identifier:          ST2bdPISdvl1VoQeYoq+GyvEy4bo5c66q4Zy1fDSLuY=
Subject key identifier:   2D:97:A7:8F:A7:45:73:09:58:12:A0:54:1D:C9:E4:F6:28:31:58:08
Certificate issuer:       /CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
Certificate serial:       0184C8F2C29C7A123789E981670B4B841658
Authority key identifier: 28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/LZenj6dFcwlYEqBUHcnk9igxWAg.roa
Signing time:             Wed 30 Nov 2022 14:31:03 +0000
ROA not before:           Wed 30 Nov 2022 14:31:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     0
IP address blocks:        45.11.70.0/24 maxlen: 24
                          45.11.68.0/22 maxlen: 22
                          2.58.144.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:c8:f2:c2:9c:7a:12:37:89:e9:81:67:0b:4b:84:16:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2864bb34fb5d16ca9d1fa3f9794cb48d4bed8473
        Validity
            Not Before: Nov 30 14:31:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=2d97a78fa74573095812a0541dc9e4f628315808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:83:7c:4c:b1:38:43:4b:8f:4b:67:7a:a5:39:
                    a4:64:f8:3f:0e:36:2b:e7:cf:81:8e:0e:31:fa:f3:
                    ca:b9:42:f0:6d:78:4a:52:77:78:87:f5:c9:69:fa:
                    bb:a7:e2:62:dc:01:8e:57:c3:be:4c:e1:01:92:43:
                    c2:e0:63:e7:b4:03:a3:d9:cf:ff:4a:f8:59:fa:02:
                    d0:af:e6:25:d6:0f:c3:cb:bb:7a:60:7c:20:34:9e:
                    8b:8e:a1:8c:b7:29:42:2d:94:e3:d1:04:8b:4e:a3:
                    47:ed:d8:3d:79:3b:0b:92:08:84:36:50:61:4d:a3:
                    da:0f:a5:d4:14:9f:6b:5d:52:7b:6e:c0:fc:fd:fe:
                    e0:8f:3e:95:e2:3c:df:86:88:bb:fd:ea:32:e0:b6:
                    37:a4:f5:8f:80:9b:34:10:d3:13:d9:0b:5e:17:29:
                    4a:dc:f5:fc:5d:3a:27:da:1a:71:0f:83:f0:52:b1:
                    b0:ab:22:51:ad:3e:5d:0a:8d:0d:7f:a9:ea:f9:1d:
                    79:72:f3:b9:9f:6c:84:69:01:e9:24:77:70:f9:4d:
                    62:74:b6:e4:5c:98:26:82:45:26:b1:ac:fc:df:74:
                    ee:59:4d:b0:6a:80:6c:4e:df:76:46:32:c7:98:6c:
                    7d:3b:95:ee:92:15:4f:f9:0d:94:67:52:47:26:aa:
                    1a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:97:A7:8F:A7:45:73:09:58:12:A0:54:1D:C9:E4:F6:28:31:58:08
            X509v3 Authority Key Identifier:
                keyid:28:64:BB:34:FB:5D:16:CA:9D:1F:A3:F9:79:4C:B4:8D:4B:ED:84:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGS7NPtdFsqdH6P5eUy0jUvthHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/LZenj6dFcwlYEqBUHcnk9igxWAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/47f445-5ea9-437d-a59a-5900a5947b8d/1/KGS7NPtdFsqdH6P5eUy0jUvthHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.144.0/22
                  45.11.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:e2:93:e1:b1:a2:4c:b2:0e:0c:de:6b:34:85:a4:e2:b2:cd:
         54:8d:ae:66:d8:ab:dc:aa:a0:b7:08:51:50:80:b0:10:2a:f2:
         e9:12:6b:e9:81:b4:36:92:f7:c4:2c:9b:0a:a2:8e:97:0f:0c:
         0d:a9:42:7a:59:a0:72:3e:1e:8c:f4:d1:e8:82:b3:5a:2b:0d:
         bb:34:c6:69:76:b9:6c:de:f0:3c:fc:cb:af:36:db:3c:82:cf:
         f3:7c:3d:ad:63:10:89:b0:7f:70:0a:bd:77:37:1a:98:41:68:
         4f:43:c2:16:57:6b:32:8f:1b:c0:02:8d:3b:e4:7a:0c:75:2a:
         d6:40:cf:5d:07:d4:76:8c:d6:82:04:5e:1b:af:83:3f:b2:1d:
         8c:01:fc:5a:d8:e7:7c:ae:ad:12:a9:f5:2f:2d:08:11:74:a8:
         c3:e9:cc:73:35:07:58:29:5a:c1:2c:2f:da:09:2a:e2:25:ed:
         c4:44:42:c4:e8:ba:31:23:09:14:ae:f5:93:7c:fb:44:55:b5:
         e6:5a:0f:ff:2b:6b:a0:6e:63:be:23:2e:9e:e7:d0:d7:74:e3:
         ab:49:bb:8e:e7:c8:47:3d:1a:32:ac:2b:54:22:42:48:d3:1b:
         0b:06:d9:ed:f3:89:da:d7:00:a6:38:5b:d8:4a:a3:56:b4:0d:
         2c:f5:a0:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYTI8sKcehI3iemBZwtLhBZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjRiYjM0ZmI1ZDE2Y2E5ZDFmYTNmOTc5NGNiNDhkNGJl
ZDg0NzMwHhcNMjIxMTMwMTQzMTAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDk3YTc4ZmE3NDU3MzA5NTgxMmEwNTQxZGM5ZTRmNjI4MzE1ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloN8TLE4Q0uPS2d6pTmkZPg/DjYr
58+Bjg4x+vPKuULwbXhKUnd4h/XJafq7p+Ji3AGOV8O+TOEBkkPC4GPntAOj2c//
SvhZ+gLQr+Yl1g/Dy7t6YHwgNJ6LjqGMtylCLZTj0QSLTqNH7dg9eTsLkgiENlBh
TaPaD6XUFJ9rXVJ7bsD8/f7gjz6V4jzfhoi7/eoy4LY3pPWPgJs0ENMT2QteFylK
3PX8XTon2hpxD4PwUrGwqyJRrT5dCo0Nf6nq+R15cvO5n2yEaQHpJHdw+U1idLbk
XJgmgkUmsaz833TuWU2waoBsTt92RjLHmGx9O5XukhVP+Q2UZ1JHJqoaYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC2Xp4+nRXMJWBKgVB3J5PYoMVgIMB8GA1UdIwQY
MBaAFChkuzT7XRbKnR+j+XlMtI1L7YRzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEt
NTkwMGE1OTQ3YjhkLzEvTFplbmo2ZEZjd2xZRXFCVUhjbms5aWd4V0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80N2Y0NDUtNWVhOS00MzdkLWE1OWEtNTkwMGE1OTQ3Yjhk
LzEvS0dTN05QdGRGc3FkSDZQNWVVeTBqVXZ0aEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjqQAwQC
LQtEMA0GCSqGSIb3DQEBCwUAA4IBAQA+4pPhsaJMsg4M3ms0haTiss1Uja5m2Kvc
qqC3CFFQgLAQKvLpEmvpgbQ2kvfELJsKoo6XDwwNqUJ6WaByPh6M9NHogrNaKw27
NMZpdrls3vA8/MuvNts8gs/zfD2tYxCJsH9wCr13NxqYQWhPQ8IWV2syjxvAAo07
5HoMdSrWQM9dB9R2jNaCBF4br4M/sh2MAfxa2Od8rq0SqfUvLQgRdKjD6cxzNQdY
KVrBLC/aCSriJe3ERELE6LoxIwkUrvWTfPtEVbXmWg//K2ugbmO+Iy6e59DXdOOr
SbuO58hHPRoyrCtUIkJI0xsLBtnt84na1wCmOFvYSqNWtA0s9aAc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:06 2024 by rpki-client on console-ams.rpki-client.org